AI email security that judges by context
Connect a mailbox and WhiteHat orchestrates seven specialist agents to inspect every message in real time — judging threats by intent and context, not known patterns.
Please wire to the new account below by end of day.
It is contract-confidential — do not share or call to verify.
- ·SA-01 Identity
Display name is an exec but the domain is unrelated · Reply-To mismatch
- ·SA-02 Infrastructure
SPF/DMARC fail · new look-alike domain (summit-finance.co)
- ·SA-03 Links & visual
Links to a fake Microsoft 365 login page
- ·SA-04 Intent
Urgent wire + secrecy pressure — BEC pattern
Today's most dangerous emails don't look malicious
BEC, AI-generated phishing, quishing, supply-chain account takeover (VEC) — no attachment, no known signature. Rule- and reputation-based gateways miss them because they can't read context.
Impersonates execs or vendors to push urgent wires and account changes.
Flawless, polished lures that harvest credentials.
Hides malicious links behind a QR code to slip past filters.
A trusted vendor's account is hijacked and payment details are swapped.
Beyond rules — to context
Two ways to stop email threats — and why WhiteMail combines both.
Fixed rules block known patterns fast and precisely — but miss novel variants and clever mutations not in the ruleset.
Like a person reading email, it understands intent and context to tell legitimate mail from threats even when no rule matches.
Known threats by rules, unknown by AI. WhiteMail combines deterministic rules with a self-hosted sLLM so neither blind spot is left open.
Connect → Analyze → Decide → Respond
A four-stage pipeline that finishes the moment mail arrives
IMAP, Gmail, Outlook in five minutes — no MX change required.
Identity, infrastructure, links, intent, behavior, attachments — in parallel.
Weighted aggregation, cross-agent correlation, and org policy decide allow/flag/block.
Quarantine/release, org-wide audit, and step-by-step rationale in the console.
Spam, phishing, BEC, impersonation, attachments — one engine, no blind spots.
Detects display-name, Reply-To and Return-Path mismatches and impersonation.
Checks SPF/DKIM/DMARC, new and look-alike domains, and abused TLDs.
Catches URL mismatches, shorteners, redirects, IP URLs and QR lures.
Reads malicious intent: urgent transfers, account changes, credential theft.
Judges the relationship: first contact, repeat offenders, vendor-payment pivots (VEC).
Flags executables, deceptive double extensions, macro-enabled docs and HTML files.
Enriches with external IP/domain/URL reputation and domain registration age (WHOIS) to catch newly-registered and known-malicious infrastructure.
Add your own domain-specific agent — no core changes needed.
Detects display-name, Reply-To and Return-Path mismatches and impersonation.
Checks SPF/DKIM/DMARC, new and look-alike domains, and abused TLDs.
Catches URL mismatches, shorteners, redirects, IP URLs and QR lures.
Reads malicious intent: urgent transfers, account changes, credential theft.
Judges the relationship: first contact, repeat offenders, vendor-payment pivots (VEC).
Flags executables, deceptive double extensions, macro-enabled docs and HTML files.
Enriches with external IP/domain/URL reputation and domain registration age (WHOIS) to catch newly-registered and known-malicious infrastructure.
Add your own domain-specific agent — no core changes needed.
It doesn't stop at detection — autonomous response
The work is what happens after the verdict. WhiteMail automates report handling, quarantine, employee guidance, and reporting — so it lifts the load off your analysts.
When an employee reports a suspicious email it's analyzed, classified (threat / safe), and auto-closed instantly — it never piles up in an analyst queue.
Blocked mail is pulled from the inbox automatically; false positives are released in one click. Monitor mode reports only and never touches the mailbox.
Explains why a message is risky in plain language any employee can act on — before they click.
Connects post-delivery over API with no MX change — augments or displaces your existing Secure Email Gateway (SEG).
Why WhiteMail
Every decision is traceable to per-agent scores, signals, and escalation. Not a black box.
Runs in the cloud or fully on-prem; with a self-hosted sLLM, message content never leaves your perimeter.
English UI, signals, and verdict rationale throughout — detection covers global BEC, phishing, and impersonation.
IMAP/Gmail/Outlook, real-time push, and SIEM/SOAR export.
Per-org policy, dashboards, and roles — up to MSSP operation.
Rules filter first; only ambiguous mail hits the model — costs stay controlled.
Deploy to match how you operate
Start with non-disruptive monitoring, then switch to inline blocking when you're ready.
Scan post-delivery via API and claw back malicious mail. Five-minute deploy, zero disruption.
Receive a copy and report threats — prove value with no impact on mail flow.
Block before the inbox via connector or gateway.
Stream every verdict to Splunk or Sentinel for automated response.
We build email security that judges by context.
WhiteHat builds a security engine that understands a sender's intent and relationships the way a person reads email. Seven specialist agents collaborate to catch the targeted threats — BEC, AI phishing, quishing, supply-chain account takeover — that signature- and reputation-based tools miss. We design English-first, with data sovereignty in mind, and run the same engine in the cloud or fully on-prem.
Protect digital trust — so threats can never deceive people.
Context over patterns — explainable verdicts.
Customer data stays the customer's. Sovereign by design.
Protect your inbox in a minute
Start with no credit card. Try it instantly with the demo organization.
Get started free